Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Samba command-injection flaws historically require an authenticated SMB session to reach vulnerable helpers, so PR:L over PR:N; network reachable, low complexity, full CIA impact as smbd typically runs privileged.
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
8DescriptionNVD
Alpine Linux: samba fixed in 4.23.8-r0
AnalysisAI
Command injection in Samba (CWE-78) carries a critical CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and is fixed in Alpine Linux package samba 4.23.8-r0, with Red Hat shipping errata RHSA-2026:22644, 22963, 25049, and 25979 for Enterprise Linux 6/7/9 and OpenShift Container Platform 4.0. The flaw allows remote attackers to inject operating-system commands against vulnerable Samba deployments, yielding full confidentiality, integrity, and availability impact. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Based on the supplied CVSS vector (AV:N/AC:L/PR:N/UI:N), exploitation requires only network reachability to the Samba service (typically TCP 445, also 139) with no authentication and no user interaction against default Samba deployments on Alpine, RHEL 6/7/9, and OpenShift Container Platform 4.0. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed and require honest interpretation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with network reachability to TCP/445 on a vulnerable Samba server sends a crafted SMB request containing shell metacharacters in a field that Samba passes to a shell-invoking helper, causing the smbd process to execute attacker-supplied commands as the Samba service account. From there the attacker drops a reverse shell, harvests credentials and Kerberos tickets, and pivots into the Active Directory or Linux fleet. … |
| Remediation | On Alpine Linux, upgrade the samba package to 4.23.8-r0 or later via apk; on Red Hat Enterprise Linux 6, 7, and 9 and OpenShift Container Platform 4.0, apply the vendor-released patches from RHSA-2026:22644, RHSA-2026:22963, RHSA-2026:25049, and RHSA-2026:25979 (linked from https://access.redhat.com/security/cve/CVE-2026-4408), and on other distributions install the patched upstream Samba build referenced in Samba Bugzilla 16034. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Samba deployments and document current software versions. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Openshift Container Platform
View allThe Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary co
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Lo
Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. Rated medium severity (CVSS 6.8), this
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. Rated criti
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and ea
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in. Rated high severity (CVSS 8.
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/
A flaw was found in rsync which could be triggered when rsync compares file checksums. Rated high severity (CVSS 7.5), t
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32741
GHSA-jg8v-92xc-cx65